OpenSSL is an open-source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. It provides a powerful set of cryptographic functions that are used for securing data in transit, such as web transactions and email communication. OpenSSL is widely used by system administrators and software developers, and it is available on most operating systems. In this blog, we will explore how to install OpenSSL on Linux.
OpenSSL Architecture:
OpenSSL is a library that provides various cryptographic functions, such as symmetric and asymmetric encryption, digital signature generation and verification, and secure random number generation. It is written in the C programming language and can be used from C, C++, and other programming languages.
The OpenSSL library is divided into several components, including the cryptographic algorithms, the SSL and TLS protocol implementation, and the X.509 certificate handling. Each component can be used independently or in combination with others.
OpenSSL supports a wide range of cryptographic algorithms, including symmetric key algorithms such as AES, DES, and 3DES, and asymmetric key algorithms such as RSA, DSA, and ECDSA. It also supports various hash algorithms such as SHA-1, SHA-2, and MD5.
SSL and TLS Protocols
OpenSSL supports both SSL and TLS protocols. SSL is the predecessor of TLS and is still in use, although it is less secure than TLS. TLS is the current standard for secure communication over the internet.
TLS provides several key features, including confidentiality, integrity, and authenticity. Confidentiality ensures that data is protected from eavesdropping, integrity ensures that the data has not been tampered with, and authenticity ensures that the data is coming from a trusted source.
Certificate Handling
OpenSSL supports the X.509 certificate format, which is widely used for public key infrastructure (PKI). A certificate contains a public key and other information, such as the certificate holder’s name and the certificate’s expiration date. The certificate is digitally signed by a trusted certificate authority (CA) to ensure its authenticity.
OpenSSL can generate self-signed certificates, which are useful for testing and development purposes. It can also be used to sign and verify certificates using a trusted CA.
OpenSSL Versions, Release Dates and EOL:
Here I list the OpenSSL versions with their release dates and EOL dates, so you can choose the most up-to-date version to install on your Linux server.
Version | Release Date | EOL |
3.0 (LTS) | 07 Sep 2021 | 07 Sep 2026 |
1.1.1 (LTS) | 11 Sep 2018 | 11 Sep 2023 |
1.1.0 | 25 Aug 2016 | 11 Sep 2019 |
1.0.2 (LTS) | 22 Jan 2015 | 31 Dec 2019 |
Steps to install latest OpenSSL on Linux server
The latest OpenSSL is not shipped as an installation package. The best way to install it is to download the source from the official OpenSSL website and compile it. This tutorial will help you install the latest OpenSSL on older Linux systems such as CentOS 7, RHEL 7, Oracle Linux 7, Ubuntu 20.04 or Debian 10.
Prerequisites:
- sudo privileges.
- Stable internet connection.
First, check the server's OS version, then follow the installation steps for that OS:
# egrep '^(VERSION|NAME)=' /etc/os-release
Check the installed OpenSSL version:
Before installing OpenSSL, check which OpenSSL version is already installed on the system:
# openssl version
Install the prerequisite packages:
For RHEL, CentOS and Oracle Linux 7 servers:
# yum group install 'Development Tools' -y
# yum install perl-core perl-IPC-Cmd zlib-devel wget gzip -y
For RHEL, CentOS, Oracle Linux or Rocky Linux 8 and 9 servers:
# dnf group install 'Development Tools' -y
# dnf install perl-core perl-IPC-Cmd zlib-devel wget gzip -y
For Ubuntu and Debian servers:
# apt update -y
# apt install build-essential zlib1g-dev wget gzip -y
Download the latest OpenSSL version:
# cd /tmp && wget https://www.openssl.org/source/openssl-3.0.10.tar.gz
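The download above is not checked before it is unpacked and built as root. As an added example (not part of the original post), the function below compares a tarball with a SHA-256 digest file and rejects anything that is not a well-formed digest; the function names and the `.sha256` file name in the closing comment are assumptions, and the demo data is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: check a downloaded tarball
# against its published SHA-256 digest before extracting it.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 -r "$1" | awk '{print $1}'
    fi
}

# verify_tarball TARBALL DIGEST_FILE
# DIGEST_FILE holds a bare hex digest or the "digest  filename" form.
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_tarball() {
    local tarball=$1 digest_file=$2 expected actual
    [ -r "$tarball" ] && [ -r "$digest_file" ] || return 2
    # First field of the first non-empty line, lowercased.
    expected=$(awk 'NF {print tolower($1); exit}' "$digest_file")
    # Reject anything that is not exactly 64 hex characters, such as an
    # HTML error page saved in place of the digest.
    [ "${#expected}" -eq 64 ] || return 2
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    actual=$(sha256_of "$tarball")
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ]
}

# Constructed offline demo: a stand-in file plays the role of the tarball.
demo=$(mktemp -d)
printf 'constructed sample data\n' > "$demo/sample.tar.gz"
sha256_of "$demo/sample.tar.gz" > "$demo/sample.tar.gz.sha256"
verify_tarball "$demo/sample.tar.gz" "$demo/sample.tar.gz.sha256" \
    && echo "digest matches"
printf 'x' >> "$demo/sample.tar.gz"    # simulate corruption or tampering
verify_tarball "$demo/sample.tar.gz" "$demo/sample.tar.gz.sha256" \
    || echo "digest mismatch: do not extract"
rm -rf "$demo"

# With the file from the download step (digest file name is an assumption):
#   verify_tarball openssl-3.0.10.tar.gz openssl-3.0.10.tar.gz.sha256 \
#       && tar -xzf openssl-3.0.10.tar.gz
```

A digest fetched from the same server as the tarball catches truncated or corrupted downloads; checking the release's PGP signature is what ties the file to the OpenSSL release signers.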
Extract the downloaded tar file, then delete it:
# tar -xzvf openssl-*.tar.gz && rm -rf openssl-*.tar.gz && cd openssl-*
Configure the OpenSSL build:
# ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
Note: The compilation in the next step takes a while to complete.
Now compile and install OpenSSL:
# make && make install
We have successfully installed the latest OpenSSL 3.0.
Let's configure the linker to find the OpenSSL libraries:
# cat <<'EOT' | sudo tee /etc/ld.so.conf.d/openssl-3.0.10.conf
/usr/local/ssl/lib64
EOT
# ldconfig -v
Make the newly installed OpenSSL the default OpenSSL:
# mv /usr/bin/openssl /usr/bin/openssl.bak && mv /usr/bin/c_rehash /usr/bin/c_rehash.bak
# update-alternatives --install /usr/bin/openssl openssl /usr/local/ssl/bin/openssl 1
# update-alternatives --install /usr/bin/c_rehash c_rehash /usr/local/ssl/bin/c_rehash 1
Verify the installed OpenSSL version:
# openssl version
That's it. We installed the latest version of OpenSSL on a Linux system.
Conclusion
OpenSSL is a powerful and versatile tool that can be used to secure communications over the internet. We installed the latest version of OpenSSL 3.0 on CentOS, RHEL, Oracle Linux, Ubuntu and Debian. Now you can use it to generate keys, certificates, and other cryptographic artifacts, as well as encrypt and decrypt files.